Commentors on the final California Consumer Privacy Act regulation queried: “Are session cookies a “unique personal identifier?”

The California Attorney General replied: Maybe, depending on the context.

  • A “unique personal identifier” is a persistent identifier that can be used to recognize a consumer.
  • If a session cookie cannot be used to recognize a consumer, family or device that is linked to a consumer or family, over time and across services, it would not fall within this definition.
  • This is fact-specific and contextual and you should consult with an attorney.

This echoes the approach under GDPR.

CCPA Final Regs Session Cookies Odia Kagan